In existing systems, virtual machine images may be fully instantiated and may begin to run in a virtualization environment before security controls and credentials are initiated on the virtual machine. Therefore, it is possible for virtual machine images to be extracted from a verified environment and instantiated in another unverified location.